<!DOCTYPE html>
<html lang="en-US" xmlns:fb="https://www.facebook.com/2008/fbml" xmlns:addthis="https://www.addthis.com/help/api-spec"  prefix="og: http://ogp.me/ns#">
<head>
<meta charset="UTF-8" />
<title>Memory Squatting: Attacks On System V Shared Memory | Portcullis Labs</title>
<meta name="viewport" content="initial-scale = 1.0, maximum-scale = 1.0, user-scalable = no, width = device-width">
<!--[if lt IE 9]><script src="http://html5shiv.googlecode.com/svn/trunk/html5.js"></script><![endif]-->

<link rel="stylesheet" href="https://labs.portcullis.co.uk/wp-content/themes/Portcullisfinal/style.css" media="screen" />


<!-- This site is optimized with the Yoast WordPress SEO plugin v1.4.7 - http://yoast.com/wordpress/seo/ -->
<link rel="canonical" href="https://labs.portcullis.co.uk/whitepapers/memory-squatting-attacks-on-system-v-shared-memory/" />
<meta property='og:locale' content='en_US'/>
<meta property='og:type' content='article'/>
<meta property='og:title' content='Memory Squatting: Attacks On System V Shared Memory - Portcullis Labs'/>
<meta property='og:url' content='https://labs.portcullis.co.uk/whitepapers/memory-squatting-attacks-on-system-v-shared-memory/'/>
<meta property='og:site_name' content='Portcullis Labs'/>
<!-- / Yoast WordPress SEO plugin. -->

<link rel="alternate" type="application/rss+xml" title="Portcullis Labs &raquo; Feed" href="https://labs.portcullis.co.uk/feed/" />
<link rel='stylesheet' id='TheStyleSheets-css'  href='https://labs.portcullis.co.uk/wp-content/plugins/asm-brush/style.css?ver=3.8.5' type='text/css' media='all' />
<link rel='stylesheet' id='wpfb-css'  href='//labs.portcullis.co.uk/wp-content/plugins/wp-filebase/wp-filebase.css?t=1475825177&#038;ver=3.4.4' type='text/css' media='all' />
<link rel='stylesheet' id='contact-form-7-css'  href='https://labs.portcullis.co.uk/wp-content/plugins/contact-form-7/includes/css/styles.css?ver=3.3.2' type='text/css' media='all' />
<link rel='stylesheet' id='css3lightbox_style-css'  href='https://labs.portcullis.co.uk/wp-content/plugins/css3lightbox/assets/style.css?ver=3.8.5' type='text/css' media='all' />
<link rel='stylesheet' id='addthis_all_pages-css'  href='https://labs.portcullis.co.uk/wp-content/plugins/addthis/frontend/build/addthis_wordpress_public.min.css?ver=3.8.5' type='text/css' media='all' />
<!--[if lte IE 7]>
<link rel='stylesheet' id='style.ie7.css-css'  href='https://labs.portcullis.co.uk/wp-content/themes/Portcullisfinal/style.ie7.css?ver=3.8.5' type='text/css' media='screen' />
<![endif]-->
<link rel='stylesheet' id='style.responsive.css-css'  href='https://labs.portcullis.co.uk/wp-content/themes/Portcullisfinal/style.responsive.css?ver=3.8.5' type='text/css' media='all' />
<script type='text/javascript' src='https://labs.portcullis.co.uk/wp-content/themes/Portcullisfinal/jquery.js?ver=3.8.5'></script>
<script type='text/javascript' src='https://labs.portcullis.co.uk/wp-content/themes/Portcullisfinal/script.js?ver=3.8.5'></script>
<script type='text/javascript' src='https://labs.portcullis.co.uk/wp-content/themes/Portcullisfinal/script.responsive.js?ver=3.8.5'></script>

 

<link rel="shortcut icon" href="https://labs.portcullis.co.uk/wp-content/themes/Portcullisfinal/favicon.ico" /><link rel='header_link' href='/' /><style type="text/css" id="syntaxhighlighteranchor"></style>
<script data-cfasync="false" type="text/javascript">if (window.addthis_product === undefined) { window.addthis_product = "wpp"; } if (window.wp_product_version === undefined) { window.wp_product_version = "wpp-6.1.4"; } if (window.wp_blog_version === undefined) { window.wp_blog_version = "3.8.5"; } if (window.addthis_share === undefined) { window.addthis_share = {}; } if (window.addthis_config === undefined) { window.addthis_config = {"data_track_clickback":false,"ignore_server_config":true,"ui_atversion":300}; } if (window.addthis_layers === undefined) { window.addthis_layers = {}; } if (window.addthis_layers_tools === undefined) { window.addthis_layers_tools = []; } else {  } if (window.addthis_plugin_info === undefined) { window.addthis_plugin_info = {"info_status":"enabled","cms_name":"WordPress","plugin_name":"Share Buttons by AddThis","plugin_version":"6.1.4","plugin_mode":"WordPress","anonymous_profile_id":"wp-3219ffbb80dfd9f649eb0d9d76c4d2e4","page_info":{"template":"posts","post_type":""},"sharing_enabled_on_post_via_metabox":false}; } 
                    (function() {
                      var first_load_interval_id = setInterval(function () {
                        if (typeof window.addthis !== 'undefined') {
                          window.clearInterval(first_load_interval_id);
                          if (typeof window.addthis_layers !== 'undefined' && Object.getOwnPropertyNames(window.addthis_layers).length > 0) {
                            window.addthis.layers(window.addthis_layers);
                          }
                          if (Array.isArray(window.addthis_layers_tools)) {
                            for (i = 0; i < window.addthis_layers_tools.length; i++) {
                              window.addthis.layers(window.addthis_layers_tools[i]);
                            }
                          }
                        }
                     },1000)
                    }());
                </script> <script data-cfasync="false" type="text/javascript"src="https://s7.addthis.com/js/300/addthis_widget.js#pubid=ra-50cef03053621092" async="async"></script><meta name="norton-safeweb-site-verification" content="t4bvmzb47z4-fa69d4guwu4ud9-4fjyp-p5zu1zngnplt83xrfxxg18yea8ev95lh9h4vlzkclbcvyu37rz5etuoczh7z3827pjv3s73uannz0xkwzfw2iiu4ol7o83f" />
</head>
<body class="single single-post postid-2403 single-format-standard">

<div id="portcullis-main">


<!-- Cisco -->
<div id="cisco">
    <div id="cisco-container" class="clearfix">
        <div class="left">
            <a href="http://www.cisco.com/" target="_blank"><img class="cisco-logo" src="https://labs.portcullis.co.uk/wp-content/themes/Portcullisfinal/images/portcullis_cisco_logo.png" alt=""></a>
            <a href="http://www.cisco.com/web/about/ac49/ac0/ac1/ac259/portcullis.html" class="learnmore">Learn More <img src="https://labs.portcullis.co.uk/wp-content/themes/Portcullisfinal/images/more-triangle.png" alt=""></a>
        </div>
        <div class="right">
            <div class="move-right"><a href="http://www.cisco.com/web/about/index.html" target="_blank" class="move-right">About Cisco</a></div>
        </div>
    </div>
</div>
<!-- /#cisco -->

<header class="clearfix portcullis-header clickable">


    <div class="portcullis-shapes">
		<div class="portcullis-headline" data-left="14.6%">
    <a href="https://labs.portcullis.co.uk/">Portcullis Labs</a>
</div>
		<div class="portcullis-slogan" data-left="16.4%">Research and Development</div>
<div class="logo"><a href="https://www.portcullis-security.com"><img style="border:none;" src="/wp-content/themes/Portcullisfinal/images/logo.png" /></a></div>

<div class="portcullis-textblock portcullis-object1741532833" data-left="92.34%">
    
</div><div class="portcullis-textblock portcullis-object1269462037" data-left="97.93%">
    
</div>
            </div>

<nav class="portcullis-nav clearfix">
    
<ul class="portcullis-hmenu">
	<li class="menu-item-268"><a href="https://labs.portcullis.co.uk" title="Home">Home</a>
	</li>
	<li class="menu-item-6568"><a href="https://labs.portcullis.co.uk/advisories/" title="Advisories">Advisories</a>
	</li>
	<li class="menu-item-83"><a href="https://labs.portcullis.co.uk/blog/" title="Blog">Blog</a>
	</li>
	<li class="menu-item-66"><a href="https://labs.portcullis.co.uk/presentations/" title="Presentations">Presentations</a>
	</li>
	<li class="menu-item-62"><a href="https://labs.portcullis.co.uk/tools/" title="Tools">Tools</a>
	</li>
	<li class="menu-item-64"><a href="https://labs.portcullis.co.uk/whitepapers/" title="Whitepapers">Whitepapers</a>
	</li>
	<li class="menu-item-59"><a href="https://labs.portcullis.co.uk/downloads/" title="Downloads">Downloads</a>
	</li>
</ul>
 
    </nav>

                    
</header>

<div class="portcullis-sheet clearfix">
            <div class="portcullis-layout-wrapper clearfix">
                <div class="portcullis-content-layout">
                    <div class="portcullis-content-layout-row">
                        <div class="portcullis-layout-cell portcullis-content clearfix">
							<article id="post-2403"  class="portcullis-post portcullis-article  post-2403 post type-post status-publish format-standard hentry category-whitepapers tag-44con tag-analysis tag-exploit tag-imisslsd tag-unix">
                                <div class="portcullis-postmetadataheader"><h1 class="portcullis-postheader">Memory Squatting: Attacks On System V Shared Memory</h1></div>                                                <div class="portcullis-postheadericons portcullis-metadata-icons"><span class="portcullis-postdateicon"><span class="date">Published</span> <span class="entry-date" title="03:26">13/11/2013</span></span> | <span class="portcullis-postauthoricon"><span class="author">By</span> <span class="author vcard"><a class="url fn n" href="https://labs.portcullis.co.uk/author/tmb/" title="View all posts by TMB">TMB</a></span></span></div>                <div class="portcullis-postcontent clearfix"><div class="at-above-post addthis_tool" data-url="https://labs.portcullis.co.uk/whitepapers/memory-squatting-attacks-on-system-v-shared-memory/"></div><!-- AddThis Button BEGIN -->
<div class="addthis_toolbox addthis_default_style "><a class="addthis_button_email"><a class="addthis_button_twitter"></a><a class="addthis_button_reddit"></a></a>
</div><p>Rather than representing a definitive guide, this document represents a review of the specific security issues identified during Portcullis Computer Security Ltd’s recent research into System V shared memory segments and their usage.<span id="more-2403"></span></p>
<p>What follows should, however, provide a high-level summary of issues, impacts and methods of remediation in cases where System V shared memory segments are used in an insecure fashion. This paper was released as part of my presentation at 44CON 2013 entitled &#8220;<a title="I Miss LSD" href="/presentations/i-miss-lsd/">I miss LSD</a>&#8220;.</p>
<div class="wpfilebase-file-default" onclick="if('undefined' == typeof event.target.href) document.getElementById('wpfb-file-link-1').click();">
  <div class="icon"><a href="https://labs.portcullis.co.uk/download/MSAOSVSM.pdf" target="_blank" title="Download MSAOSVSM"><img align="middle" src="https://labs.portcullis.co.uk/wp-includes/images/crystal/document.png" alt="MSAOSVSM" /></a></div>
  <div class="filetitle">
    <a href="https://labs.portcullis.co.uk/download/MSAOSVSM.pdf" title="Download MSAOSVSM.pdf" target="_blank" id="wpfb-file-link-1">MSAOSVSM.pdf</a>
    
    <br />
    November 13, 2013<br />
    
  </div>
  <div class="info">
    569.3 KiB<br />
    MD5 hash: 2511c7c09b51f39b74f37ed5e79fe1b5 <br />
    <a href="#" onclick="return wpfilebase_filedetails(1);">Details</a>
  </div>
  <div class="details" id="wpfilebase-filedetails1" style="display: none;">
  
  <table border="0">
   
   
   
   
   
   
   <tr><td><strong>Date:</strong></td><td>November 13, 2013</td></tr>
  </table>
  </div>
 <div style="clear: both;"></div>
</div>
<br /> <div class="wpcf7" id="wpcf7-f375-p238-o1"><form action="/contact/" method="post" class="wpcf7-form">
<div style="display: none;">
<input type="hidden" name="_wpcf7" value="323" />
<input type="hidden" name="_wpcf7_version" value="3.3.2" />
<input type="hidden" name="_wpcf7_unit_tag" value="wpcf7-f375-p238-o1" />
<input type="hidden" name="_wpnonce" value="4c6cc9abab" />
</div>
<style>.portcullis-content .layout-item-0 { background: ; padding: 10px;  }
.portcullis-content .layout-item-1 {  border-collapse: separate;  }
.portcullis-content .layout-item-2 { border-top-style:solid;border-right-style:solid;border-bottom-style:solid;border-left-style:solid;border-top-width:1px;border-right-width:1px;border-bottom-width:1px;border-left-width:1px;border-top-color:#C7C7C7;border-right-color:#C7C7C7;border-bottom-color:#C7C7C7;border-left-color:#C7C7C7; color: #1C1C1C; background: #FAFAFA url('https://www.portcullis-security.com/wp-content/uploads/2013/01/983aa2.png') scroll; padding: 10px; border-radius: 5px;  }
.ie7 .post .layout-cell {border:none !important; padding:0 !important; }
.ie6 .post .layout-cell {border:none !important; padding:0 !important; }</p>
</style>
<div class="portcullis-content-layout layout-item-1">
<div class="portcullis-content-layout-row">
<div class="portcullis-layout-cell layout-item-2" style="width: 80%" >
</p>
</p>
<h3>Request to be added to the Portcullis Labs newsletter</h3>
<p>
 We will email you whenever a new tool, or post is added to the site.</p>
<p>Your Name (required)<br />
    <span class="wpcf7-form-control-wrap your-name"><input type="text" name="your-name" value="" class="wpcf7-form-control wpcf7-text wpcf7-validates-as-required" size="40" required="required" /></span> </p>
<p>Your Email (required)<br />
    <span class="wpcf7-form-control-wrap your-email"><input type="text" name="your-email" value="" class="wpcf7-form-control wpcf7-text wpcf7-email wpcf7-validates-as-required wpcf7-validates-as-email" size="40" required="required" /></span> </p>
<p><input type="hidden" name="porpoise" value="newsletter" /><br />
<input type="hidden" name="contact_form_7_recaptcha" value="g-recaptcha-MdoonWAry1jlnp2" class="g-recaptcha-explicit-id"><div id="g-recaptcha-MdoonWAry1jlnp2"></div><span class="wpcf7-form-control-wrap g-recaptcha-explicit" data-sitekey="6LdFERITAAAAAJKGS2TEXuWsyOxc-KxvAZBC8zE2"></span></p>
<p><input type="submit" value="Subscribe" class="wpcf7-form-control  wpcf7-submit" /></p>
</div>
</div>
</div>
<div class="wpcf7-response-output wpcf7-display-none"></div></form></div></br ><div style="clear:both;"></div><!-- AddThis Advanced Settings above via filter on the_content --><!-- AddThis Advanced Settings below via filter on the_content --><!-- AddThis Button BEGIN -->
<div class="addthis_toolbox addthis_toolbox addthis_default_style addthis_32x32_style"><a class="addthis_button_email"><a class="addthis_button_twitter"></a><a class="addthis_button_reddit"></a></a>
</div><!-- AddThis Advanced Settings generic via filter on the_content --><!-- AddThis Share Buttons above via filter on the_content --><!-- AddThis Share Buttons below via filter on the_content --><div class="at-below-post addthis_tool" data-url="https://labs.portcullis.co.uk/whitepapers/memory-squatting-attacks-on-system-v-shared-memory/"></div><!-- AddThis Share Buttons generic via filter on the_content --></div>
                                                                
</article>
				

                        </div>
                                            </div>
                </div>
            </div><footer class="portcullis-footer clearfix"><div class="portcullis-content-layout">
    <div class="portcullis-content-layout-row">
    <div class="portcullis-layout-cell" style="width: 100%">
        <p><br></p>
    </div>
    </div>
</div>
<div class="portcullis-content-layout">
    <div class="portcullis-content-layout-row">
    <div class="portcullis-layout-cell" style="width: 33%">
        <p style="text-align: left;"><span style="font-size: 17px; padding-left:40px; font-family: Tahoma;"><span style="color: #ffffff;">Research and Development</span><br></span></p>
        <ul>
        <li style="text-align: left;padding-left:50px;"><span style="font-size: 12px; font-family: Tahoma;"><a href="https://labs.portcullis.co.uk/advisories/">Advisories</a><br></span></li>
        <li style="text-align: left;padding-left:50px;"><span style="font-size: 12px; font-family: Tahoma;"><a href="https://labs.portcullis.co.uk/blog/">Blog</a><br></span></li>
        <li style="text-align: left;padding-left:50px;"><span style="font-size: 12px; font-family: Tahoma;"><a href="https://labs.portcullis.co.uk/presentations/">Presentations</a><br></span></li>
        <li style="text-align: left; padding-left:50px;"><span style="font-size: 12px; font-family: Tahoma;"><a href="https://labs.portcullis.co.uk/tools/">Tools</a><br></span></li>
        <li style="text-align: left;padding-left:50px;"><span style="font-size: 12px; font-family: Tahoma;"><a href="https://labs.portcullis.co.uk/whitepapers/">Whitepapers</a><br></span></li>
        <li style="text-align: left;padding-left:50px;"><span style="font-size: 12px; font-family: Tahoma;"><a href="https://labs.portcullis.co.uk/downloads/">Downloads</a><br></span></li>
               </ul>
        <p><br></p>
    </div><div class="portcullis-layout-cell" style="width: 34%">
        <p style="text-align: left;"><span style="font-size: 17px;"><span style="font-family: Tahoma;"><span style="font-weight: normal; color: #ffffff;">Company</span><br></span></span></p>
        <ul>
       <li style="text-align: left;"><span style="font-family: Tahoma;"><a href="https://labs.portcullis.co.uk/contact-us/">Contact Us</a><span style="font-size: 12px;"><br></span></span></li>
        <li style="text-align: left;"><span style="font-family: Tahoma;"><a href="https://www.portcullis-security.com">Portcullis Computer Security Services</a><span style="font-size: 12px;"><br></span></span></li>
                </ul>
        <br>
    </div><div class="portcullis-layout-cell" style="width: 33%">
       <span style="color: #ffffff;"><br>
        <br>
        <p style="text-align: left;"><span style="color: #ffffff; font-family: Tahoma;"><span style="color: #ffffff;"><span style="font-size: 15px; color: #ffffff;">Follow Us</span> <span style="font-weight: bold;"> <a href="http://www.twitter.com/portcullislabs" target="_blank"><img width="16" height="16" style=" border-top-width: 0px; border-right-width: 0px; border-bottom-width: 0px; border-left-width: 0px;" alt="Portcullis Twitter" class="" src="https://labs.portcullis.co.uk/wp-content/themes/Portcullisfinal/images/twitterfooter.png"></a> <a href="http://www.linkedin.com/company/portcullis?trk=hb_tab_compy_id_505813" target="_blank"><img width="16" height="16" style=" border-top-width: 0px; border-right-width: 0px; border-bottom-width: 0px; border-left-width: 0px;" alt="Portcullis Linkedin" class="" src="https://labs.portcullis.co.uk/wp-content/themes/Portcullisfinal/images/linkedinfooter.png"></a> <a href="http://www.facebook.com/PortcullisCSL" target="_blank"><img width="16" height="16" style=" border-top-width: 0px; border-right-width: 0px; border-bottom-width: 0px; border-left-width: 0px;" alt="Portcullis Facebook" class="" src="https://labs.portcullis.co.uk/wp-content/themes/Portcullisfinal/images/facebookfooter.png"></a> <a href="https://plus.google.com/114151721382021849037/posts" target="_blank"><img width="16" height="16" style=" border-top-width: 0px; border-right-width: 0px; border-bottom-width: 0px; border-left-width: 0px;" alt="Google Plus" class="" src="https://labs.portcullis.co.uk/wp-content/themes/Portcullisfinal/images/googleplusfooter.png"></a> <a href="/rss" target="_blank"><img width="16" height="16" style=" border-top-width: 0px; border-right-width: 0px; border-bottom-width: 0px; border-left-width: 0px;" alt="Portcullis Rss" class=""img src="https://labs.portcullis.co.uk/wp-content/uploads/2013/04/rss.png"></a></span></span></span></p>
        <p><br></p>
    </div>
    </div>
</div>
<div class="portcullis-content-layout">
    <div class="portcullis-content-layout-row">
    <div class="portcullis-layout-cell" style="width: 100%">
        <p><br></p>
        <hr>
    </div>
    </div>
</div>
<div class="portcullis-content-layout">
    <div class="portcullis-content-layout-row">
    <div class="portcullis-layout-cell" style="width: 50%">
      <p style="text-align: left;"><span style="color: #ffffff; font-size: 12px; font-family: Tahoma;">© Portcullis Computer Security Ltd & Portcullis Inc. All rights reserved. ® 1992 - 2017.</span></p>
    </div><div class="portcullis-layout-cell" style="width: 50%">
        <p style="text-align: right;"><span style="color: #ffffff; font-size: 12px; font-family: Tahoma;"><a href="https://labs.portcullis.co.uk/terms-of-use/">Terms of Use</a> </span>| <span style="color: #ffffff; font-size: 12px; font-family: Tahoma;"><a href="https://labs.portcullis.co.uk/privacy-and-cookies/">Privacy and Cookies</a></span></p>
    </div>
    </div>
</div></footer>

    </div>
</div>



<div id="wp-footer">
	<script type='text/javascript' src='https://labs.portcullis.co.uk/wp-content/plugins/wp-filebase/js/common.js?ver=3.4.4'></script>
<script type="text/javascript">
//<![CDATA[
wpfbConf={"ql":true,"hl":0,"pl":1,"hu":"https:\/\/labs.portcullis.co.uk\/","db":"download","fb":false,"cm":0,"ajurl":"https:\/\/labs.portcullis.co.uk\/wp-admin\/admin-ajax.php?action=wpfilebase","ajurlpub":"\/\/labs.portcullis.co.uk\/?wpfilebase_ajax=1"};function wpfb_ondl(file_id,file_url,file_path){ if(typeof pageTracker == 'object') {
	pageTracker._trackPageview(file_url); // new google analytics tracker
} else if(typeof urchinTracker == 'function') {	
	urchinTracker(file_url); // old google analytics tracker
} }
//]]>
</script>
<script type='text/javascript' src='https://labs.portcullis.co.uk/wp-content/plugins/contact-form-7/includes/js/jquery.form.min.js?ver=3.23'></script>
<script type='text/javascript'>
/* <![CDATA[ */
var _wpcf7 = {"loaderUrl":"https:\/\/labs.portcullis.co.uk\/wp-content\/plugins\/contact-form-7\/images\/ajax-loader.gif","sending":"Sending ..."};
/* ]]> */
</script>
<script type='text/javascript' src='https://labs.portcullis.co.uk/wp-content/plugins/contact-form-7/includes/js/scripts.js?ver=3.3.2'></script>
<script type='text/javascript' src='https://www.google.com/recaptcha/api.js?onload=contact_form_7_recaptcha_callback&#038;render=explicit&#038;ver=1.0.0'></script>
<script type='text/javascript'>
/* <![CDATA[ */
var contact_form_7_recaptcha_data = {"sitekey":"6LdFERITAAAAAJKGS2TEXuWsyOxc-KxvAZBC8zE2"};
/* ]]> */
</script>
<script type='text/javascript' src='https://labs.portcullis.co.uk/wp-content/plugins/contact-form-7-recaptcha/script.js?ver=1.0.0'></script>
	<!-- 65 queries. 0.078 seconds. -->
</div>
</body>
</html>

